Fix seccomp value in test

The seccomp value should be `2` rather than `1`. The test succeeded because we also have the value `Seccomp_filters` which gets matched by "ecc", too. We now check for "Seccomp:" to actually match the right field. Signed-off-by: Sascha Grunert <[email protected]>
kubernetes-sigs · Aug 10, 2023 · bed9a6b · bed9a6b
1 parent b9442e6
commit bed9a6b
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pkg/validate/security_context_linux.go b/pkg/validate/security_context_linux.go
@@ -689,7 +689,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
 			podID, containerID = seccompTestContainer(rc, ic, seccompProfile)
 
 			By("verify seccomp profile")
-			verifySeccomp(rc, containerID, []string{"grep", "ecc", "/proc/self/status"}, false, "0") // seccomp disabled
+			verifySeccomp(rc, containerID, []string{"grep", "Seccomp:", "/proc/self/status"}, false, "0") // seccomp disabled
 		})
 
 		It("should support seccomp localhost profile on the container", func() {
@@ -714,7 +714,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
 			podID, containerID = seccompTestContainer(rc, ic, seccompProfile)
 
 			By("verify seccomp profile")
-			verifySeccomp(rc, containerID, []string{"grep", "ecc", "/proc/self/status"}, false, "1") // seccomp enabled
+			verifySeccomp(rc, containerID, []string{"grep", "Seccomp:", "/proc/self/status"}, false, "2") // seccomp enabled
 		})
 
 		It("should support nil profile, which is unconfined", func() {
@@ -724,7 +724,7 @@ var _ = framework.KubeDescribe("Security Context", func() {
 			podID, containerID = seccompTestContainer(rc, ic, nil)
 
 			By("verify seccomp profile")
-			verifySeccomp(rc, containerID, []string{"grep", "ecc", "/proc/self/status"}, false, "0") // seccomp disabled
+			verifySeccomp(rc, containerID, []string{"grep", "Seccomp:", "/proc/self/status"}, false, "0") // seccomp disabled
 		})
 
 		// SYS_ADMIN capability allows sethostname, and seccomp is unconfined. sethostname should work.